CGI rights question

dorno

Normally (i.e. without any further configuration) the access to file system objects will always be determined by the rights of the user account that apache runs under. The web server is the only actual process involved (a process runs as a system user), and the web server only authenticates users via a HTTP connection, which is unrelated to the local security system.

select woes
I created a very UDP simple server (Linux kernel 2.4.20) that listens on two ports --- 6000 & 7000. I am using select(), but I am seeing some unexpected behavior. The server...

Anyone upgrade debian sarge from 2.4 to 2.6
Dances With Crows Yup, except the default kernel shipped with debian Sarge only recognizes 1 gb and...

But you can explicitly set a different user to execute CGI scripts as.

As you already noticed, an apache "user" (it might be better to call it "authorisation" to avoid this kind of confusion) has nothing to do with and does not of itself have any access to the underlying file system; you use apache authorisation to access *web pages* belonging to a certain apache "location" hierarchy. (An apache "location" maps to an actual filesystem location only in the trivial case; it can be made so convoluted you wouldn't even recognise it as a filesystem hierarchy anymore...)

Mapping one to the other (in terms of filesystem access rights) would involve seting up such mappings in a different namespace for each user, in order to be able to apply the required authorisation for each user.

One such method is to define a subdomain namespace for each user.

Need help installing overexisting linux setup
I have an old P-100 system that has no cd drive that I want to install the 2x.com thin client on...

What then? I can obviously hear you ask. Well, the usual way to go about this is to use the backend CGI program(s) to regulate any further access to the filesystem itself.

For this to be used effectively one needs to utilise the suexec functionality of apache, which is a way to impersonate another user for doing tasks by scripts called from the web server.

This has inherent security implications, however: a user account that is by design very limited (the apache user) can theoretically execute code as root.

List | Previous | Next

select woes

Linux groups from Newsgroups

The #1 Usenet Provider on the Internet

CGI rights question

PLEX86 x86- Virtual Machine (VM) Program


	Plex86 \| CVS \| Mailing List \| Download \| Linux \| Newsgroups

		CGI rights question dorno Normally (i.e. without any further configuration) the access to file system objects will always be determined by the rights of the user account that apache runs under. The web server is the only actual process involved (a process runs as a system user), and the web server only authenticates users via a HTTP connection, which is unrelated to the local security system. select woes I created a very UDP simple server (Linux kernel 2.4.20) that listens on two ports --- 6000 & 7000. I am using select(), but I am seeing some unexpected behavior. The server... Anyone upgrade debian sarge from 2.4 to 2.6 Dances With Crows Yup, except the default kernel shipped with debian Sarge only recognizes 1 gb and... But you can explicitly set a different user to execute CGI scripts as. As you already noticed, an apache "user" (it might be better to call it "authorisation" to avoid this kind of confusion) has nothing to do with and does not of itself have any access to the underlying file system; you use apache authorisation to access web pages belonging to a certain apache "location" hierarchy. (An apache "location" maps to an actual filesystem location only in the trivial case; it can be made so convoluted you wouldn't even recognise it as a filesystem hierarchy anymore...) Mapping one to the other (in terms of filesystem access rights) would involve seting up such mappings in a different namespace for each user, in order to be able to apply the required authorisation for each user. One such method is to define a subdomain namespace for each user. Need help installing overexisting linux setup I have an old P-100 system that has no cd drive that I want to install the 2x.com thin client on... What then? I can obviously hear you ask. Well, the usual way to go about this is to use the backend CGI program(s) to regulate any further access to the filesystem itself. For this to be used effectively one needs to utilise the suexec functionality of apache, which is a way to impersonate another user for doing tasks by scripts called from the web server. This has inherent security implications, however: a user account that is by design very limited (the apache user) can theoretically execute code as root. J. List \| Previous \| Next



		select woes Linux groups from Newsgroups The #1 Usenet Provider on the Internet CGI rights question